[extropy-chat] META: Computer Security

Robert Bradbury robert.bradbury at gmail.com
Sun Mar 12 17:27:47 UTC 2006

While most people receiving this note are probably aware of the topic, I
thought I would bring it to everyone's attention again as it is from a
relatively reliable source [1] and provides some hard numbers.

"Among the other data in Symantec's report are new "time to compromise"
figures that try to gauge how long an unpatched, unprotected computer would
last before it has snatched by a hacker.

Windows XP Professional, said Symantec, stays safe just one hour and 12
seconds, while the Windows 2000 Server (with SP4) made it an hour and 17
minutes. An unpatched Windows Server 2003 system lasted somewhat longer.

In contrast, unpatched Linux installations of both Red Hat Enterprise Linux
3 and SuSE Linux 9 Desktop were never compromised during their
month-and-a-half exposure to attackers.

Patched Windows systems, however, remained untouched throughout the test,
backing both its and Microsoft's advice to patch regularly, and patch
promptly. "Applying patches in a timely manner is an important component of
an effective security strategy," the report read."

The article does have some related discussion about browser bugs (IE vs.
Firefox) and various ways of evaluating risks.  Of course the only part
which seems to be left out of the discussion is how long you have to remain
connected to the net to fetch and apply the various patches to the unpatched
installations and what ones relative risk is during that "window of

Feel free to forward it to people you know.

1. Keizer, G., "Firefox Whips Internet Explorer in Vulterability Tally".
TechWeb.com, reported by Yahoo 3/8/06.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20060312/c17fc67b/attachment.html>

More information about the extropy-chat mailing list